Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence-cst: build CST using libcrypto from SDK 

CST was being built linking to the openssl libcrypto library from the host.
When the openssl version in the host didn't match the version in the SDK,
the SDK build failed like this:

Error:
 Problem 1: package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
  - conflicting requests
  - nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
 Problem 2: package nativesdk-packagegroup-qt5-toolchain-host-1.0-r0.0.x86_64_nativesdk requires nativesdk-packagegroup-sdk-host, but none of the providers can be installed
  - package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
  - conflicting requests
  - nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk

Fix that by adding the native dependencies include and lib folders to
the CST build. Also add openssl-native as a dependency for the SDK build,
otherwise it wont link to the SDK libcrypto library.

Additionally, to allow running CST in a host machine where the openssl version
does not match the version in the SDK, libcrypto library is statically linked.

https://jira.digi.com/browse/DEL-7346

Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit is contained in:
Gonzalo Ruiz 2020-12-16 14:26:17 +01:00
parent 0c44a150d0
commit a95b3ad602
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
View File

@ -10,7 +10,9 @@ DEPENDS = "openssl byacc flex"
# Explicitly add byacc-native as a dependency when building the package for the # Explicitly add byacc-native as a dependency when building the package for the
# SDK, otherwise, it won't get installed in the sysroot, causing a compilation # SDK, otherwise, it won't get installed in the sysroot, causing a compilation
# error. # error.
DEPENDS_append_class-nativesdk = " byacc-native" # Explicitly add openssl-native for the SDK build to correctly link to the
# openssl libraries in the native dependencies folder.
DEPENDS_append_class-nativesdk = " byacc-native openssl-native"
SRC_URI = " \ SRC_URI = " \
${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tgz', '', d)} \ ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tgz', '', d)} \
@ -20,6 +22,7 @@ SRC_URI = " \
file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \ file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
file://0005-ahab_pki_tree.sh-automate-script.patch \ file://0005-ahab_pki_tree.sh-automate-script.patch \
file://0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch \ file://0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch \
file://0007-Makefile-statically-link-libcrypto.patch \
" "
# Usually local files (with file:// protocol) are not checked for # Usually local files (with file:// protocol) are not checked for
@ -36,6 +39,8 @@ python() {
S = "${WORKDIR}/cst-${PV}/" S = "${WORKDIR}/cst-${PV}/"
do_compile() { do_compile() {
export LDLIBPATH=-L${WORKDIR}/recipe-sysroot-native/usr/lib
export COPTIONS=-I${WORKDIR}/recipe-sysroot-native/usr/include
cd ${S}/code/cst cd ${S}/code/cst
oe_runmake OSTYPE=linux64 clean oe_runmake OSTYPE=linux64 clean
oe_runmake OSTYPE=linux64 rel_bin oe_runmake OSTYPE=linux64 rel_bin

27
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0007-Makefile-statically-link-libcrypto.patch Normal file
View File

@ -0,0 +1,27 @@
From: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Date: Tue, 15 Dec 2020 17:01:45 +0100
Subject: [PATCH] Makefile: statically link libcrypto
Statically link libcrypto so the host machine does not require to have
installed the same openssl version that was used to build the binaries.
This requires dynamically linking the libpthread and libdl libraries.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
---
code/cst/code/build/make/gcc.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/cst/code/build/make/gcc.mk b/code/cst/code/build/make/gcc.mk
index 0394f5a..cc57f6b 100755
--- a/code/cst/code/build/make/gcc.mk
+++ b/code/cst/code/build/make/gcc.mk
@@ -28,7 +28,7 @@ COPTIONS += -std=c99 -D_POSIX_C_SOURCE=200809L -Wall -Werror -pedantic -fPIC -g
#==============================================================================
LDOPTIONS += -g
-LDLIBS := -lcrypto
+LDLIBS := -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lpthread -ldl
# Archiver flags
#==============================================================================